Sweeping Wi-Fi security flaw has left nearly every connected device at risk

A WPA2 security flaw known as KRACK breaks down the common security protocol, leaving nearly every Wi-Fi-connected device at risk for data theft or hacking.

How can cybersecurity professionals get better? They need to think like hackersA new security report finds that security teams are woefully unprepared for many attacks. They could catch many of them if they thought like their attackers, though.

Nearly all modern, protected Wi-Fi networks and the devices connected to them are now at risk of spying or malicious cyberattacks, thanks to a recently-discovered flaw in the WPA2 security protocol.

The flaw is referred to as KRACK, which stands for key reinstallation attack. It was originally detailed in a paper published by Mathy Vanhoef, a security expert at the Belgian university KU Leuven, and on this website.

Because most modern networks use a form of WPA2 security, they are all at risk, the paper said. Additionally, "if your device supports Wi-Fi, it is most likely affected," Vanhoef wrote. And it's not just snooping that is at risk here—this flaw can also be used to inject ransomware and other forms of malware onto websites, the KRACK site noted.

The flaw itself exploits the four-way handshake procedure that is used to connect users to a Wi-Fi network. The handshake essentially determines that a device and access point have access to the same credentials, the website said, and creates an encryption key for all the traffic that will happen between them.

However, with the KRACK attack, a user can be tricked into installing an already-used key with its parameters reset. Because of this, attackers can intercept and decrypt client packets, potentially gaining access to sensitive information in the process.

According to the site, the following identifiers have been assigned to KRACL:

CVE-2017-13077

CVE-2017-13078

CVE-2017-13079

CVE-2017-13080

CVE-2017-13081

CVE-2017-13082

CVE-2017-13084

CVE-2017-13086

CVE-2017-13087

CVE-2017-13088

While nearly every connected device is at risk, a certain vulnerability in a Wi-Fi client commonly used on Linux makes it especially devastating to certain Android and Linux devices. Some 41% of Android devices, including those running Android 6.0 and above, have this vulnerability, that makes it "trivial to intercept and manipulate traffic sent by these Linux and Android devices," the website said.

According to the KRACK website, the researchers began notifying affected vendors on July 14, 2017. They then reached out to the US Department of Homeland Security's cyber-emergency unit US-CERT, which later sent out a notification to vendors on August 28, 2017.

While there haven't necessarily been any examples of this type of attack in the wild, users should still remain cautious as many devices have likely not yet been patched. For extremely sensitive data, consider forgoing Wi-Fi if at all possible. However, if you must use Wi-Fi, WPA2 is still preferable over WEP, the website noted.

Update: Security professionals are reminding enterprises that the vulnerability is patchable, and there is currently no publicly-available code to attack this flaw. In a statement to the Verge, Microsoft said that it has already issued a patch for the KRACK vulnerability, and Google has promised a patch in the coming weeks. A Linux patch is also available and a host of other organizations have issued patches as well.

The 3 big takeaways for TechRepublic readers

KRACK, a new key reinstallation attack, puts nearly every Wi-Fi device at risk of eavesdropping on its network traffic, according to researchers.

The flaw tricks users into installing an already used security key, which can enable attackers to intercept and decrypt client packets, potentially stealing information.

Android devices and IoT devices will be especially hard hit, but all devices on modern Wi-Fi networks will be at risk to some degree, researchers said.

Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays